file[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.dll
Size

2.2MB
MD5

2901bd6bc8c0e12e6c0e4b6bf469f40a
SHA1

fcc4b5f3df4ae3f4bed2d07ec638e878a0fdc3e9
SHA256

2544e5dfe29cbb14a5109eafe393f67fa4739a46d08d3e522df3b73f3d4d3177
SHA512

5dadd3265446d769ae83cb60390ac1ad84ca6954502ec839ecd75f7ca5b01a9efc807472b98c9e632628f74c93781b031e54e2eb6209fd985ffeee15022b5998
SSDEEP

49152:Ms122ZuVimDPYfIAqdqHuC76y8ni7Z8/WqVMNY96bDLYATKOdF4AbiyV:4diEgQrdmmDniaOqVT9ADLLFNbrV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file.dll

Files

file.dll
.dll windows:5 windows x86 arch:x86

542f5498114884aa059d3ac4381be78d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

AbortDoc

oleaut32

SafeArrayCreateVector
GetRecordInfoFromGuids

user32

ReleaseCapture
GetMenuItemID
TrackPopupMenu

kernel32

GetModuleHandleW
GetUserDefaultLangID
LoadLibraryExA
OutputDebugStringA

mprapi

MprConfigTransportGetHandle

advapi32

CheckTokenMembership
RemoveUsersFromEncryptedFile

Exports

Exports

VzhhoaeEnwsasio

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt
Size: 4KB - Virtual size: 105B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ